Nils Larsch wrote:
Garick Hamlin wrote:
HI,
I have a PIV-2 card. I have performed some tests on Linux using
to NIST Reference Middleware. The card works with pivTest.
I noticed the PIV-2 patches on the list. I am very excited but
so far I haven't gotten them to
work. I did a few things I wasn't sure about and I haven't read
through all of the code, and I am
new to opensc. I couldn't find a branch/tag or current patch for
head for piv stuff. Is there one?
I've just committed it to the head so a fresh check out should
include the patch.
I have not tried the checked in code yet, but you will need something
like this in the opensc.conf to get it to look for the PIV applet.
Replace the ATR with your card's atr:
card_atr 3B:7D:96:00:00:80:31:80:65:B0:83:11:00:AC:83:00:90:00 {
name = "PIV-II";
driver = "piv";
pkcs15emu = "PIV-II";
}
If the card has a certificate, key and pin,
you could see what objects are on the card:
pkcs11-tool -l -O
or read the certificate with:
pkcs15-tool --pin xxxxxxxx -r 1
Note: NIST is about to relax the restriction on having to use
the pin to read the cewrtificate. The current code assumes you
have to enter the pin. pkcs11-tool assumes you don't need to do this.
so it has trouble reading the certificate if the card is enforcing the
restriction.
Anyway
Here's what I see captured by pcscd.
APDU: 00 A4 04 00 09 A0 00 00 03 08 00 00 10 00
SW: 61 0F
APDU: 00 C0 00 00 0F
SW: 61 0D 4F 0B A0 00 00 03 08 00 00 10 00 01 00 90 00
thats it ... (captured via: $ pcscd -a -d stdout > /tmp/foo )
Does this not work to capture data??
[EMAIL PROTECTED] bin]# ./opensc-tool -f
card-piv.c:1228:piv_find_obj_by_containerid: returning with: Unknown
error
card-piv.c:1266:piv_select_file: returning with: File not found
card.c:531:sc_select_file: returning with: File not found
SELECT FILE failed: File not found
** or more verbosely **
errors surrounded with '#'
[EMAIL PROTECTED] bin]# ./opensc-tool -f -v -v -v
sc.c:168:sc_detect_card_presence: called
sc.c:173:sc_detect_card_presence: returning with: 1
Connecting to card in reader OMNIKEY CardMan 4000 Socket 0 0 0...
card.c:110:sc_connect_card: called
card-piv.c:1309:piv_match_card: called
card-piv.c:1321:piv_init: called
card-piv.c:1335:piv_init: Max send = 65535 recv = 65535
card-piv.c:425:piv_find_aid: called
card.c:295:sc_unlock: Calling card logout function
card-piv.c:175:piv_logout: called
card-piv.c:451:piv_find_aid: found PIX
card-piv.c:462:piv_find_aid: returning with: 0
card-piv.c:1357:piv_init: returning with: 0
card.c:219:sc_connect_card: card info: PIV-II card, 14001, 0x0
card.c:220:sc_connect_card: returning with: 0
Using card driver PIV-II for multiple cards.
card.c:509:sc_select_file: called; type=2, path=3f00
card-piv.c:1249:piv_select_file: called
card-piv.c:1221:piv_find_obj_by_containerid: str=0x3F00
#card-piv.c:1228:piv_find_obj_by_containerid: returning with: Unknown
error#
#card-piv.c:1266:piv_select_file: returning with: File not found#
#card.c:531:sc_select_file: returning with: File not found#
SELECT FILE failed: File not found
card.c:295:sc_unlock: Calling card logout function
card-piv.c:175:piv_logout: called
card.c:234:sc_disconnect_card: called
card-piv.c:1297:piv_finish: called
card.c:249:sc_disconnect_card: returning with: 0
ctx.c:728:sc_release_context: called
Ok ... this is more helpful, but I still can't see the APDUs?
increase the debug level in opensc.cnf
Cheers,
Nils
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
--
Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
